B-C-METOYX

The week in security storytelling

Blog Post created by B-C-METOYX Employee on Jan 30, 2015

Good day, folks.

 

This was a busy week, with two blog posts about the so-called Ghost vulnerability, the release of SOTI – Security Report and a great team effort from CSIRT on DNS hijacking.

 

Please note that in addition to the Akamai Blog, all this content and more can be found on Akamai Community https://community.akamai.com/welcome, StateoftheInternet.com http://www.stateoftheinternet.com/ and the security section of Akamai.com, http://www.akamai.com/infosec.

 

Update on CVE-2015-0235

On Tuesday, Akamai learned about and published a blog post highlighting a public vulnerability in the GNU C Library that could be exploited and used to take remote control of vulnerable Linux systems. Today, following our internal investigation, we have some additional information to share.

https://blogs.akamai.com/2015/01/update-on-cve-2015-0235.html

 

Q4 2014 State of the Internet - Security Report: Numbers

The Q4 2014 State of the Internet - Security report is out today. We've previewed sections this past week (see sidebar below), but now we can share some numbers.

https://blogs.akamai.com/2015/01/q4-2014-state-of-the-internet---security-report-some-numbers.html

 

DNS Hijacking: Dangers and Defenses

We're always concerned about where the next attack is coming from. We worry about DDoS, SQL injection, defacements and a host of other attack techniques. One attack in particular can bypass even the best security protections and give attackers the keys to the kingdom. That attack is called DNS Hijacking. This happens when attackers gain access to a domain registrar account and change the DNS resource recordsto point to server(s) under the attacker's control.

https://blogs.akamai.com/2015/01/dns-hijacking-dangers-and-defenses.html

 

Latest Security Whiteboard Videos

Last month, we released three new security whiteboard videos. Here's the whole package, for your viewing pleasure and ongoing security education.

https://blogs.akamai.com/2015/01/latest-security-whiteboard-videos.html

 

CVE-2015-0235: Heap-Based Buffer Overflow Vulnerability in Linux Systems

A public vulnerability in the GNU C Library that could be exploited to take remote control of vulnerable Linux systems was recently disclosed.

https://blogs.akamai.com/2015/01/akamai-investigates-ghost-glibc-vulnerability.html

 

Blizzard 2015: The Power Of Redundancy

A blizzard rages outside as I write this, and the governor of Massachusetts has banned travel on the roads. Many of us from Akamai's Cambridge headquarters will spend today at home, and possibly tomorrow. But Akamai will continue to run. Being spread across the globe makes that a given. It illustrates the power of redundancy.

https://blogs.akamai.com/2015/01/the-power-of-redundancy-at-planetary-scale.html

 

Luna Authentication and Authorization

Yesterday, my colleague Michael Smith shared a write-up on Akamai's Luna Authentication and Authorization services, telling his Twitter followers: "This will save your life if you are an Akamai customer. Set it up now." It is an important part of what we offer, and a refresher course is appropriate here as well.

https://blogs.akamai.com/2015/01/luna-authentication-and-authorization.html

Outcomes